
From:bar Date:March 27 2007 7:20am
Subject:bk commit into 5.0 tree (bar:1.2477) BUG#27079
Below is the list of changes that have just been committed into a local
5.0 repository of bar. When bar does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2477 07/03/27 12:20:20 bar@stripped +3 -0
  Bug#27079 Crash while grouping empty ucs2 strings
  Problem: GROUP BY on empty ucs2 strings crashed server.
  Reason: sometimes mi_unique_hash() is executed with
  ptr=null and length=0, which means "empty string".
  The branch of code handling UCS2 character set
  was not safe against ptr=null and fell into an
  endless loop even if length=0 because of pointer
  arithmetic overflow.
  Fix: adding special check for length=0 to avoid pointer arithmetic
  overflow.

  strings/ctype-uca.c
    1.44 07/03/27 12:20:17 bar@stripped +27 -7
    Fix my_uca_scanner_init_ucs2 to be safe against
    strings with length=0 and ptr=0.

  mysql-test/t/ctype_uca.test
    1.16 07/03/27 12:20:17 bar@stripped +10 -0
    Adding test case

  mysql-test/r/ctype_uca.result
    1.18 07/03/27 12:20:17 bar@stripped +9 -0
    Adding test case

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	bar
# Host:	bar.myoffice.izhnet.ru
# Root:	/home/bar/mysql-5.0.b27079

--- 1.43/strings/ctype-uca.c	2007-01-22 16:10:42 +04:00
+++ 1.44/strings/ctype-uca.c	2007-03-27 12:20:17 +05:00
@@ -6744,7 +6744,7 @@
   int (*next)(my_uca_scanner *scanner);
 } my_uca_scanner_handler;
 
-static uint16 nochar[]= {0};
+static uint16 nochar[]= {0,0};
 
 
 #ifdef HAVE_CHARSET_ucs2
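Review bot: The growth of `nochar` from one element to two is undocumented here, yet the second element exists only so that `&nochar[1]` in my_uca_scanner_init_ucs2() (the next hunk) is a valid, non-dereferenced sentinel address; a future cleanup could easily shrink it back and reintroduce the bug. A one-line comment on the definition would pin the invariant: `/* Two elements: my_uca_scanner_init_ucs2() uses &nochar[1] as an end sentinel for empty strings */`. This is the only place the size is fixed, so the comment belongs on the definition rather than at the use site.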
@@ -6769,13 +6769,33 @@
                                      CHARSET_INFO *cs __attribute__((unused)),
                                      const uchar *str, uint length)
 {
-  /* Note, no needs to initialize scanner->wbeg */
-  scanner->sbeg= str;
-  scanner->send= str + length - 2;
   scanner->wbeg= nochar; 
-  scanner->uca_length= cs->sort_order;
-  scanner->uca_weight= cs->sort_order_big;
-  scanner->contractions= cs->contractions;
+  if (length)
+  {
+    scanner->sbeg= str;
+    scanner->send= str + length - 2;
+    scanner->uca_length= cs->sort_order;
+    scanner->uca_weight= cs->sort_order_big;
+    scanner->contractions= cs->contractions;
+  }
+  else
+  {
+    /*
+      Sometimes this function is called with
+      str=NULL and length=0, which should be
+      considered as an empty string.
+      
+      The above initialization is unsafe for such cases,
+      because scanner->send is initialized to (NULL-2), which is 0xFFFFFFFE.
+      Then we fall into an endless loop in my_uca_scanner_next_ucs2().
+      
+      Do special initialization for the case when length=0.
+      Initialize scanner->sbeg to an address greater than scanner->send.
+      Next call of my_uca_scanner_next_ucs2() will correctly return with -1.
+    */
+    scanner->sbeg= (uchar*) &nochar[1];
+    scanner->send= (uchar*) &nochar[0];
+  }
 }
 
 
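Review bot: The new else branch leaves `scanner->uca_length`, `scanner->uca_weight` and `scanner->contractions` unassigned for length=0, whereas the old code set them unconditionally; correctness now depends on my_uca_scanner_next_ucs2() comparing `sbeg` with `send` before touching those fields, which this hunk does not show. Moving the three `cs->` assignments above the `if (length)` keeps the fix and removes that dependency at no cost, so only `sbeg`/`send` differ between the branches. The remaining `str + length - 2` still points before `str` when length is 1, which is undefined pointer arithmetic; if callers do not guarantee an even length, `if (length >= 2)` would route such input to the safe sentinel branch as well. The comment's "0xFFFFFFFE" is a 32-bit detail and "NULL-2" is itself undefined, so describing it as "pointer arithmetic on a null pointer" would be more accurate. The function's signature line sits just before the hunk, and `cs` carries `__attribute__((unused))` although both old and new code read it.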

--- 1.17/mysql-test/r/ctype_uca.result	2005-12-23 14:19:31 +04:00
+++ 1.18/mysql-test/r/ctype_uca.result	2007-03-27 12:20:17 +05:00
@@ -2654,3 +2654,12 @@
 İİ	4	ii	2	İİ	4
 II	2	ıı	4	II	2
 DROP TABLE t1;
+CREATE TABLE t1 (
+c1 text character set ucs2 collate ucs2_polish_ci NOT NULL
+) ENGINE=MyISAM;
+insert into t1 values (''),('a');
+SELECT COUNT(*), c1 FROM t1 GROUP BY c1;
+COUNT(*)	c1
+1	
+1	a
+DROP TABLE IF EXISTS t1;

--- 1.15/mysql-test/t/ctype_uca.test	2005-12-23 14:19:25 +04:00
+++ 1.16/mysql-test/t/ctype_uca.test	2007-03-27 12:20:17 +05:00
@@ -475,3 +475,13 @@
 SELECT a, length(a) la, @l:=lower(a) l, length(@l) ll, @u:=upper(a) u, length(@u) lu
 FROM t1 ORDER BY id;
 DROP TABLE t1;
+
+#
+# Bug #27079 Crash while grouping empty ucs2 strings
+#
+CREATE TABLE t1 (
+ c1 text character set ucs2 collate ucs2_polish_ci NOT NULL
+) ENGINE=MyISAM;
+insert into t1 values (''),('a');
+SELECT COUNT(*), c1 FROM t1 GROUP BY c1;
+DROP TABLE IF EXISTS t1;